GLOBE.LU News


Restriction of support requests by phone and email

Since we are currently receiving too many phishing (fake) emails and calls, unverified phone and email support requests cannot currently be processed. Therefore, please send us a verified support request via your customer account: Login > Open Ticket. Since we cannot determine the identity and authorization of a caller by phone, unfortunately no questions about account details can be answered by phone for data […]

LayerSlider WordPress Plugin – SQL Injection Vulnerability

Critical security vulnerability in the WordPress plugin LayerSlider – Please Update NOW! The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries […]

Hackers Stole Microsoft Source Code

Details: https://www.heise.de/news/Russische-Angreifer-klauen-Quellcode-von-Microsoft-9650468.html

Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard: https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/

Microsoft Outlook Critical vulnerability

CVE-2024-21413 – Microsoft Outlook: This vulnerability impacts Microsoft Outlook, enabling unauthenticated attackers to execute remote code. This could bypass the protected view settings of Office documents, leading users to open links sent within emails in editing mode. Malicious actors are likely to exploit this vulnerability through phishing emails containing Office documents.

Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413

Other: https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-113/Microsoft-Outlook.html

WordPress Ultimate Member Plugin Critical Vulnerability – SQL Injection

WordPress Ultimate Member Plugin: Due to the ongoing critical security leaks, the use of this plugin is no longer permitted on our servers. Please remove this plugin completely if used. The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient […]

Joomla 5.0.3 and 4.4.3 Security – Update now!

– Insufficient session expiration in MFA management views
– Open redirect in installation application
– XSS in media selection fields
– XSS in mail address outputs
– Inadequate content filtering within the filter code

https://www.joomla.org/announcements/release-news/5904-joomla-5-0-3-and-4-4-3-security-and-bug-fix-release.html

Please update your Joomla installation now!

New: High performance dedicated KVM server!

Dedicated KVM server made specifically for highly demanding and resource-intensive applications, without ModSecurity or PHP limit restrictions. Pro servers with preinstalled Joomla, WordPress, Drupal, Prestashop and Nextcloud are now available.

Joomla Server SSD 40-320 GB: https://www.globe.lu/en/joomla-hosting/
WordPress Server SSD 40-320 GB: https://www.globe.lu/en/wordpress-hosting/
Drupal Server SSD 40-320 GB: https://www.globe.lu/en/drupal-pro-server/
Prestashop Server SSD 40-320 GB: https://www.globe.lu/en/online-shop-hosting/
Nextcloud Server SSD 40-320 GB: https://www.globe.lu/en/nextcloud-server/

OwnCloud & Nextcloud – Vulnerability

Attackers can gain unauthorized access to files on Nextcloud and ownCloud servers. Security updates and workarounds provide a remedy. Please update now! Details: https://www.heise.de/news/Cloud-Computing-Software-ownCloud-und-Nextcloud-angreifbar-9537650.html

WP Fastest Cache SQL Injection Vulnerability

A serious vulnerability in the WP Fastest Cache plugin has been discovered that puts hundreds of thousands of websites at risk. A loophole in WP Fastest Cache allows unauthorized access to WordPress websites. A security update fixes the issue. Please update NOW! Details: https://www.heise.de/news/WordPress-Plug-in-Luecke-in-WP-Fastest-Cache-gefaehrdet-hunderttausende-Websites-9530618.html https://wpscan.com/blog/unauthenticated-sql-injection-vulnerability-addressed-in-wp-fastest-cache-1-2-2/

WordPress LiteSpeed Plugin Vulnerability

4 Million WordPress Sites affected by Stored Cross-Site Scripting Vulnerability in LiteSpeed Cache Plugin. The popular LiteSpeed WordPress plugin patched a vulnerability that compromised over 4 million websites, allowing hackers to upload malicious scripts. LiteSpeed was notified of the vulnerability two months ago on August 14th and released a patch in October. UPDATE NOW! Details: https://www.wordfence.com/blog/2023/10/4-million-wordpress-sites-affected-by-stored-cross-site-scripting-vulnerability-in-lightspeed-cache-plugin/ https://www.heise.de/news/Luecke-in-LiteSpeed-Cache-Plug-in-gefaehrdet-4-Millionen-WordPress-Websites-9342838.html?wt_mc=nl.red.security.security-nl.2023-10-26.link.link https://www.searchenginejournal.com/wordpress-litespeed-plugin-vulnerability-affects-4-million-websites/499074/

WordPress hacked via Royal Elementor Plugin

Security researchers are warning of a critical-severity vulnerability in the Royal Elementor Addons and Templates WordPress plugin that has been exploited as a zero-day for more than a month. Developed by WP Royal, the plugin helps domain admins build their websites without any coding experience. Royal Elementor has more than 200,000 active installations on the WordPress marketplace. Details: https://www.wordfence.com/blog/2023/10/psa-critical-unauthenticated-arbitrary-file-upload-vulnerability-in-royal-elementor-addons-and-templates-being-actively-exploited/ https://www.securityweek.com/wordpress-websites-hacked-via-royal-elementor-plugin-zero-day/

Ninja Forms Plugin High Severity Vulnerabilities

This plugin suffers from multiple vulnerabilities. The first vulnerability is a POST-based reflected XSS. This vulnerability could allow any unauthenticated user to steal sensitive information, leading in this case to privilege escalation on the WordPress site, by tricking privileged users into visiting a crafted website. The described vulnerability was fixed in version 3.6.26 and assigned CVE-2023-37979. The second and third vulnerabilities are a broken access control […]

WordPress: Wave of Attacks on Woocommerce Payments

A critical security vulnerability in the Woocommerce Payments plug-in, which is used by more than 600,000 WordPress sites, is the target of a current wave of attacks. The IT security researchers at Wordfence are warning about it. The IT forensic analysts write that the wave of attacks already began last Friday. It continued over the weekend and reached its peak so far on the Saturday and Sunday of that weekend, with 1.3 million attacks each against 157,000 websites. Details: https://www.heise.de/news/Wordpress-Aktuelle-Attacke-auf-Woocommerce-Payments-9219114.html

Prestashop – Critical vulnerability – UPDATE NOW

There is a critical vulnerability in the online shop system Prestashop, through which unregistered attackers from the network can completely compromise the system. Cyber criminals are already using the vulnerability to attack credit card data on a large scale.

English: https://friends-of-presta.github.io/security-advisories/modules/2023/05/11/possearchproducts.html

German: https://www.heise.de/news/Shopsystem-Kritische-Sicherheitsluecke-in-Prestashop-wird-angegriffen-9010286.html

Essential Addons for Elementor Critical vulnerability – UPDATE NOW

Critical Privilege Escalation in Essential Addons for Elementor Plugin Affecting 1+ Million Sites. It is possible to reset the password of any user as long as we know their username, thus being able to reset the password of the administrator and log in to their account. This vulnerability occurs because this password reset function does not validate a password reset key and instead directly changes the […]

Critical Security Vulnerability – PrestaShop

PrestaShop: Attackers could manipulate the database. A critical security vulnerability threatens online shops built with PrestaShop. Details: https://www.heise.de/news/Onlineshop-System-PrestaShop-Angreifer-koennten-Datenbank-manipulieren-8980645.html Users of online shops built on the open-source e-commerce platform PrestaShop should bring their systems up to date promptly. If they do not, attackers could exploit several security vulnerabilities.

High severity vulnerability in WordPress Elementor Pro plugin

High-risk security vulnerability in the WordPress plug-in Elementor Pro. Attackers are abusing a security vulnerability in the WordPress plug-in "Elementor Pro" to break into websites. Install updates immediately! A security vulnerability in the WordPress plug-in Elementor Pro, rated as high-risk, is being abused by attackers to gain administrative access to WordPress websites. https://www.heise.de/news/Wordpress-Hochriskante-Luecke-in-Elementor-Pro-wird-angegriffen-8384344.html High severity vulnerability in WordPress Elementor Pro plugin: https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-wordpress-elementor-pro-plugin/

Security Vulnerability in Microsoft Outlook for Windows

A severe security vulnerability in Microsoft Outlook for Windows has become known. It makes it possible to leak the client user's NTLM hash using specially crafted emails. You will receive an Outlook update via the regular Windows updates or, in newer Outlook versions, directly through the program: File > Office Account > Update Options. Details: https://www.heise.de/news/Microsoft-Outlook-Luecke-Proof-of-Concept-verfuegbar-Sorge-vor-Angriffen-7714602.html

ClientArea – Two-Factor Authentication

Improve your client account security. Enable two-factor authentication to start using it with your GLOBE.LU account. Two-Factor Authentication adds an extra layer of protection to logins. Once enabled & configured, each time you sign in you will be asked to enter both your username & password as well as a second factor such as a security code. 1. Please download the appropriate app to your […]